- Funding Programme
- Year
- 2019
Developing internal processes and procedures specific to the payments oversight authority for performing on-site inspections
The commission helped the National Bank of Romania (NBR) prepare an internal manual and guidelines for conducting on-site inspections for Financial Market Infrastructures and Payments Oversight. The project consisted in a study visit programme to several European central banks in charge of payment systems oversight with a long-standing experience in performing on-site inspections and willing to share their best practices and know-how to the benefit of the NBR. Based on such input, the NBR itself prepared the manual and guidelines.
Context
The NBR, particularly the Financial Market Infrastructures and Payments Oversight Department, was entrusted with on-site inspections tasks in order to supervise the proper functioning of the money market, foreign exchange market and government bonds market as well as the security of payment services and instruments provided by banks, payment and e-money institutions.
In order to properly perform these new tasks, the NBR wanted to develop an internal manual and guidelines for on-site inspections of supervised financial institutions focused on the functioning of these markets, drawing from European best practices.
Support delivered
Several experts from the NBR were selected to participate in a programme of study visits to other EU central banks to learn from their expertise. Banque de France, Magyar Nemzeti Bank and the Central Bank of Ireland hosted the visits, which were the opportunity to share theoretical and practical knowledge.
Banque de France introduced its oversight of payment systems and other financial market infrastructures (FMIs), as well as of payment instruments. It also explained its supervision of specialised entities, such as Central Counterparty Clearing Houses (CCPs) and Payment Service Providers (PSPs), as well on-site inspections about compliance to PSD2 and cyber-security.
Magyar Nemzeti Bank detailed its cyber resilience oversight expectations for financial market infrastructures, as well as the oversight of securities market infrastructures, such as Central Securities Depositories (CSDs), Central Counterparty Clearing Houses (CCPs) and Securities Settlement Systems (SSS). Supervisory activities and procedures, both off-site and on-site, priorities, thematic reviews and the tools used for conducting supervision were also outlined.
The Central Bank of Ireland introduced its wide area of supervision responsibilities for foreign exchange and money markets, as well as investment services, market abuse and payment instruments. In addition, it had adopted the Threat Intelligence-based Ethical Red Teaming (TIBER) cyber-resilience-testing framework that represented a topic of high interest for the NBR for its implementation.
Expected results
Based on the knowledge acquired during the programme, the NBR agents received useful input to draft an on-site manual and guidelines in this area.
An inspection plan will subsequently be built, including risk-based criteria, timelines and information to be exchanged with the off-site supervision team. The organisational aspects for setting-up an on-site inspection will be taken into consideration: steps to follow, set-up of the control team, timeline, operational work and templates (appointment letters, requests for documents, on-site inspection reports, etc.). The main areas for on-site inspections (e.g. cyber-security, compliance with PSD2, etc.) and key controls will be detailed. Practices on how remedial measures and/or sanctions are drafted, adopted, communicated and enforced will also be defined.